Comments (6)
#35, can you apply this pull request if you are OK with it, or fix it like you wanted?
from highlight-words.
Sir, can you please look at the PR I created?
from highlight-words.
Hi @shajithomas32! Thanks for taking a look at this. I don't really see the security issue though. The `Math.random` call is just to generate an ID with no overhead. It's not meant to be secure or unpredictable - just unique enough in most situations.
I'd say...if this is the only security problem with your app, then you're doing better than 99% of the apps out there. Congrats!
For us, the overhead of using crypto isn't worth it.
Seeing how you've PRed already, it means you can already use your code in your app if you so choose. To do this, you can make use of npm overrides, as documented here.
Essentially, do this:
```json
{
  "overrides": {
    "highlight-words": "git://github.com/shajithomas32/highlight-words.git"
  }
}
```
So no matter what your dependencies use, you'll pull in your code.
from highlight-words.
from highlight-words.
Yes, that's what overrides does.
from highlight-words.
Thanks for your workaround suggestion. But you can consider this request in future because it helps us with the scan paperwork. We got this scan result from a Fortify scan. Highly recommend doing scans, because companies are strict with scan results even though the scan results don't make sense in this case.
from highlight-words.
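The trade-off discussed in this thread, as an added example that is not part of the thread or of highlight-words' own code: an ID generator in the `Math.random` style beside a Web Crypto one, with helpers to count collisions and measure per-call cost. All function names are hypothetical, and the `Math.random` variant is an assumed form, not the library's actual implementation.

```javascript
// Added example; names are hypothetical and not taken from highlight-words.
// Web Crypto is global in browsers and recent Node.js; older Node.js
// exposes the same API as require('node:crypto').webcrypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Assumed form of a cheap ID: fine for labelling chunks of text, but
// Math.random is not a CSPRNG, so this must never serve as a token or secret.
function mathRandomId() {
  return Math.random().toString(36).slice(2, 10);
}

// CSPRNG-backed ID: byteLength random bytes (128 bits by default), hex-encoded.
function cryptoId(byteLength = 16) {
  const bytes = new Uint8Array(byteLength);
  webCrypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Number of duplicate IDs seen in n draws from a generator.
function countCollisions(generate, n) {
  const seen = new Set();
  let collisions = 0;
  for (let i = 0; i < n; i++) {
    const id = generate();
    if (seen.has(id)) collisions++;
    seen.add(id);
  }
  return collisions;
}

// Rough per-call cost in nanoseconds, to put a number on "overhead".
function nsPerCall(generate, n = 100000) {
  const start = performance.now();
  for (let i = 0; i < n; i++) generate();
  return ((performance.now() - start) * 1e6) / n;
}

// Side-by-side report for both generators.
function compare(n = 100000) {
  return [mathRandomId, cryptoId].map((fn) => ({
    generator: fn.name,
    collisions: countCollisions(fn, n),
    nsPerCall: Math.round(nsPerCall(fn, n)),
  }));
}
```

Calling `compare()` on the target runtime gives the measured cost of each generator, which is the figure to weigh against a scanner finding of this kind.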